For many reasons, including virus detection, rights protection and security, it can be desirable to be able to identify software. Such software should be broadly construed to include (but not limited to) any digital content such as computer code, Java applets, digitized media (including music, images or audio), or digitized text and data.
Numerous concepts of software identification are known, many of which rely on obtaining a unique identification value (such as a fingerprint) of a given piece of software. A common method for obtaining a fingerprint of a software program is to perform a MD5 checksum on the compiled software code. This, however, exhibits security weaknesses. It can also be difficult to implement when the software code itself is hard to execute.
Also, it is common for software programs to make security related operations during execution. Thus, in such programs, there is a need for security-related provisions such as encryption, tamper resistance and software-environment recognition.
Encryption is commonly employed for storing critical data. For example, critical data is commonly encrypted using a key. The key therefore needs to be secure because once it is known it is easy to decrypt the critical data. Creation of a secure key and/or its safe storage presents many problems.
Tamper resistance is typically employed prevent the executed software from being modified by a hacker in order to divert the primary usage of the program. This is provided by performing checks on the software, using a MD5 checksum for example.
Recognition of the software environment helps to ensure that software runs in a trusted environment. To do this, a software program may check that the environment is known and not tampered with. For instance, a software program may determine the version of the operating system and determine that the version is out-of-date or does not meet predetermined security requirements. As with the use of checksums, it can also be easy to reverse engineer such environment checks.